From: Peter Zijlstra <peterz@infradead.org>
Date: Tue, 8 Mar 2022 16:30:23 +0100
Subject: x86/ibt,xen: Sprinkle the ENDBR
Git-commit: 5b2fc51576eff811a614e33cbbd0c3cb05022892
Patch-mainline: v5.18-rc1
References: bsc#1201471

Even though Xen currently doesn't advertise IBT, prepare for when it
will eventually do so and sprinkle the ENDBR dust accordingly.

Even though most of the entry points are IRET like, the CPL0
Hypervisor can set WAIT-FOR-ENDBR and demand ENDBR at these sites.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lore.kernel.org/r/20220308154317.873919996@infradead.org
 [ only the xen-head.S bit with the s/RET/ret/, see bsc above. ]
Acked-by: Borislav Petkov <bp@suse.de>
---
 arch/x86/xen/xen-head.S        | 9 +++++++--
 1 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S
index 11d286529fe5..ac17196e2518 100644
--- a/arch/x86/xen/xen-head.S
+++ b/arch/x86/xen/xen-head.S
@@ -25,8 +25,12 @@
 SYM_CODE_START(hypercall_page)
 	.rept (PAGE_SIZE / 32)
 		UNWIND_HINT_FUNC
-		.skip 31, 0x90
-		RET
+		ANNOTATE_NOENDBR
+		ret
+		/*
+		 * Xen will write the hypercall page, and sort out ENDBR.
+		 */
+		.skip 31, 0xcc
 	.endr
 
 #define HYPERCALL(n) \